DOCSLIB.ORG

Websphere MQ Security in an Enterprise Environment

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Websphere MQ Security in an Enterprise Environment Front cover WebSphere MQ Security in an Enterprise Environment Cross-platform security Secure Sockets Layer Message security Saida Davies Peter Rhys-Jenkins Hazel Fix Mayumi Kawashima John Scanlan Steven Lane ibm.com/redbooks International Technical Support Organization WebSphere MQ Security in an Enterprise Environment May 2003 SG24-6814-00 First Edition (May 2003) This edition applies to Version 3, Release 5, Modification 0 of WebSphere MQ. © Copyright International Business Machines Corporation 2003. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . .xi Trademarks . xii Preface . xiii The team that wrote this redbook. xiii Become a published author . xvi Comments welcome. xvii Part 1. Enterprise security . 1 Chapter 1. Project overview . 3 1.1 Security is a process . 5 1.2 Complexity. 5 1.3 Some notes on terminology. 6 1.3.1 Product names . 6 1.3.2 Security terminology . 6 1.4 Public key infrastructure (PKI). 7 Chapter 2. Planning. 9 2.1 Planning methodology. 10 2.1.1 Life cycle models. 10 2.1.2 Security engineering . 11 2.2 Perception . 14 2.2.1 The definition of security . 14 2.2.2 Myth 1: Security is a product. 14 2.2.3 Myth 2: Security can be implemented without much planning . 15 2.2.4 Myth 3: Security solutions can be considered in isolation. 15 2.2.5 Myth 4: Security is a combination of protection methods only . 16 2.3 Assets . 16 2.4 Threat assessment . 17 2.4.1 Threats against WebSphere MQ in an enterprise. 17 2.4.2 Threat modeling . 19 2.5 Risk assessment . 22 2.5.1 Assessing loss expectancy . 22 2.5.2 Other risk assessment methods . 23 2.6 Policy development . 23 2.6.1 Creating a security policy . 23 2.6.2 Anatomy of a security policy . 25 2.6.3 References for security policies and standards definitions . 27 © Copyright IBM Corp. 2003. All rights reserved. iii 2.7 Policy implementation . 27 2.7.1 What is a policy implementation document?. 27 2.7.2 Elements of a policy implementation document . 28 Chapter 3. Security technologies . 31 3.1 Getting certificates. 32 3.2 Submit a request for a certificate. 32 3.2.1 Using the HTTP server solution (iKeyman). 32 3.2.2 Using a CA in test mode . 33 3.2.3 Using Microsoft Windows 2000 certificate services . 33 3.2.4 Using OpenSSL . 33 3.2.5 Using Digital Certificate Manager (DCM) . 33 3.2.6 Using RACF . 33 3.3 Cryptographic co-processors . 34 3.4 Algorithms . 35 3.4.1 CipherSuites and CipherSpecs . 35 3.4.2 HASH and MAC . 36 3.4.3 Symmetric key encryption algorithms . 37 3.5 Lightweight directory access protocol (LDAP). 38 3.5.1 Differences between directories and databases . 38 3.6 KEYs and passwords . 39 3.6.1 Password strength . 39 3.7 SSL setup for WebSphere MQ . 40 3.8 Planning for SSL . 40 3.9 Preparing certificates. 41 3.9.1 Key repository . 41 3.9.2 Defining the certificate type for your system . 41 Chapter 4. Platform security. 45 4.1 z/OS security . 46 4.1.1 Overview of z/OS security. 46 4.1.2 z/OS Security Server. 48 4.1.3 Resource access control facility (RACF). 48 4.2 OS/400 security. 50 4.2.1 Object security . 50 4.2.2 System security. 51 4.2.3 Physical security . 51 4.2.4 Further reference . 52 4.3 AIX security . 52 4.3.1 User management and authorization . 52 4.3.2 Network security . 54 4.3.3 Trusted computing base (TCB) . 55 4.3.4 Further reference . 56 iv WebSphere MQ Security in an Enterprise Environment 4.4 Windows 2000 security . 56 4.4.1 Local logon process . 57 4.4.2 Active directory . 58 4.4.3 Network authentication . 59 4.4.4 Group policies . 60 4.4.5 Access control. 60 4.4.6 NTFS and the encrypted file system . 61 4.4.7 Public key infrastructure and certificate services . 61 4.4.8 Auditing . 62 4.5 WebSphere MQ security for z/OS . 63 4.5.1 Overview . ..
Load more

Recommended publications
  • Of Friday 13 June 2008 Supplement No. 1 Birthday Honours List — United Kingdom
    05-06-2008 13:04:14 [SO] Pag Table: NGSUPP PPSysB Job: 398791 Unit: PAG1 Number 58729 Saturday 14 June 2008 http://www.london-gazette.co.uk B1 [ Richard Gillingwater. (Jun. 14, 2008). C.B.E. Commander of the Order of the British Empire, 2008 Birthday Honours, No. 58729, Supp. No. 1, PDF, p. B7. London Gazette. Reproduced for educationaly purposes only. Fair Use relied upon. ] Registered as a newspaper Published by Authority Established 1665 of Friday 13 June 2008 Supplement No. 1 Birthday Honours List — United Kingdom CENTRAL CHANCERY OF Dr. Philip John Hunter, C.B.E., Chief Schools THE ORDERS OF KNIGHTHOOD Adjudicator. For services to Education. Moir Lockhead, O.B.E., Chief Executive, First Group. St. James’s Palace, London SW1 For services to Transport. 14 June 2008 Professor Andrew James McMichael, F.R.S., Professor of Molecular Medicine and Director, Weatherall The Queen has been graciously pleased, on the occasion Institute of Molecular Medicine, University of Oxford. of the Celebration of Her Majesty’s Birthday, to signify For services to Medical Science. her intention of conferring the honour of Knighthood William Moorcroft, Principal, TraVord College. For upon the undermentioned: services to local and national Further Education. William Desmond Sargent, C.B.E., Executive Chair, Better Regulation Executive, Department for Business, Enterprise and Regulatory Reform. For services to Knights Bachelor Business. Michael John Snyder. For services to Business and to the City of London Corporation. Paul Robert Stephenson, Q.P.M., Deputy Commissioner, Dr. James Iain Walker Anderson, C.B.E. For public and Metropolitan Police Service.
    [Show full text]
  • Informatikai Alapok
    INFORMATIKAI ALAPOK GÁBOR DÉNES FŐISKOLA 2019 Szerzők: Berecz Antónia (4. fejezet), Karácsony Péter (7. fejezet), Kónya László (6. fejezet), Peck Tibor (5. fejezet), Szász Gábor (1. fejezet, Melléklet) Vári-Kakas István (2-3. fejezet) Lektor: Cserny László Szerkesztő: Hülber László Műszaki szerkesztők: Littvay László, Lozsádi Csilla Grafikai munkák: Pálvölgyi Gábor Tartalomjegyzék Tartalomjegyzék ....................................................................................................................... 3 Bevezetés ................................................................................................................................... 9 1. Bevezetés az informatikába és a számítástechnikába .................................................... 10 1.1. Bevezető gondolatok .................................................................................................... 10 1.2. Az informatika rövid története ..................................................................................... 12 1.2.1. Az adattárolás korai eszközei ................................................................................ 12 1.2.2. A számolást segítő eszközök fejlődése ................................................................. 13 1.2.3. A programvezérlés kezdetei .................................................................................. 18 1.3. Neumann elvek ............................................................................................................. 25 1.3.1. Neumann elvek tömören ......................................................................................
    [Show full text]
  • Announcement Summary
    Announcement Summary IBM United States September 18, 2001 Announcements by FAX or Internet FAX The Table of Contents in this package contains the title and letter number for each announcement. Through the FAX Information Service, you can access these or previous Announcement Letters. See the Table of Contents for the FAX Information Service Index. The FAX Information Service is toll-free, easy to use, and available 24 hours a day, 7 days a week. All you have to do is: Step 1: From your touch-tone phone, dial 1-800-IBM-4FAX (1-800-426-4329). Note: Near the end of your call, you will be prompted for the phone number of your fax machine. Step 2: Select Option 2. Step 3: Enter the selected Announcement Letter Number. The Announcement Letter Number is the number that follows the title in the Table of Contents. In the following example, it is 101-253. Options by IBM: PRO/1000T Desktop and PRO/1000T Low Profile Desktop Adapters by Intel 101-253 To select the fax for the detailed Announcement Letter, enter 101253 followed by the pound (#) key. Step 4: You may enter additional Announcement Letter Numbers or request other product information. Up to five documents may be requested per call. Continue following the prompts to receive your requests. Note: To call the FAX Information Service from outside the United States, you must dial 1-408-256-5422 from a fax machine phone. Internet You can access IBM U.S. Announcement Summaries and IBM U.S. Announcement Detail Letters electronically through the Internet at http:/www.ibm.com/news .
    [Show full text]
  • Jul to Dec 2013
    Butterfly Conservation Hampshire and Isle of Wight Branch Page 1 of 33 Butterfly Conservation Hampshire and Saving butterflies, moths and our environment Isle of Wight Branch HOME ABOUT » EVENTS » CONSERVATION » SPECIES » SIGHTINGS » PUBLICATIONS » LINKS » ISLE OF WIGHT » MEMBERS » Wednesday 31st July Judith Frank reports from Byway stretch between Stockbridge and Broughton (SU337354) where the following observations were made: Holly Blue (2 "didn't settle long enough for me to be sure but seemed most likely to be hollies."), Peacock (1), Meadow Brown (2), Large White (9), Ringlet (9), Brimstone (1), Comma (2), Green-veined White (4), Gatekeeper (5). "On a day of only fleeting sunshine, I was interested to see what there might be on a section of byway through farmland not particularly managed for butterflies. A large patch of brambles yielded the most colour with the commas, gatekeepers and blues.". Speckled Wood Comma NT Owen reports from Roe Inclosure, Linwood (SU200086) where the following observations were made: Large White (2), Large Skipper (1), Gatekeeper (3), Small Skipper (1), Silver-washed Fritillary (4 "Including one Valezina form female"). Silver-washed Fritillary f. valezina Steve Benstead reports from Brading Down (SZ596867) where the following observations were made: Chalkhill Blue (5), Painted Lady (1), Clouded Yellow (1). "Overcast but warm". Gary palmer reports from barton common (SZ249931) where the following observations were made: Large White (2), Small White (3), Marbled White (3), Meadow Brown (20), Gatekeeper (35), Small Copper (1), Common Blue (1), vapourer moth (1 Larval "using poplar sapling"), peppered moth (1 Larval "using alder buckthorn"), buff tip moth (49 Larval "using mature sallow").
    [Show full text]
  • Patterns: SOA Foundation Service Creation Scenario
    Front cover Patterns: SOA Foundation Service Creation Scenario Key concepts and architecture of the IBM SOA Foundation Process for identifying SOA scenarios, patterns and services Service Creation scenario working examples John Ganci Amit Acharya Jonathan Adams Paula Diaz de Eusebio Gurdeep Rahi Diane Strachan Kanako Utsumi Noritoshi Washio ibm.com/redbooks International Technical Support Organization Patterns: SOA Foundation Service Creation Scenario September 2006 SG24-7240-00 Note: Before using this information and the product it supports, read the information in “Notices” on page xi. First Edition (September 2006) This edition applies to IBM Rational Application Developer V6.0.1 on Microsoft Windows XP, and IBM WebSphere Application Server Network Deployment V6.0.2 and IBM Tivoli Composite Application Manager for SOA V6.0 on Microsoft Windows 2003 Server. © Copyright International Business Machines Corporation 2006. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . xi Trademarks . xii Preface . xiii The team that wrote this redbook. xiii Become a published author . xvii Comments welcome. xvii Part 1. Getting started with IBM SOA Foundation . 1 Chapter 1. Introduction to service- oriented architecture . 3 1.1 Service-oriented architecture overview . 4 1.1.1 Definition of a service-oriented architecture . 4 1.1.2 Challenges and drivers for SOA . 6 1.1.3 Why SOA now?. 10 1.1.4 SOA approach for building a solution . 13 1.2 Getting started with SOA. 14 1.2.1 SOA adoption . 14 1.2.2 IBM SOA entry points .
    [Show full text]
  • IBM Presentation Template Full Version
    Maria Luisa Lopez de Silanes – IIB ID developer 25 March 2014 Graphical Data Mapping in IBM Integration Bus v9 Marisa Lopez de Silanes IBM Integration Bus Development IBM Hursley Park, UK [email protected] © 2009 IBM Corporation Agenda . Graphical Data Mapping overview . Designing a message map . Graphical Data Mapping editor . Editing message maps . Transforming a SOAP message . Executing a message map . Troubleshooting message maps 2 © 2014 IBM Corporation Graphical Data Mapping . Graphical data maps offer the ability to achieve the transformation of a message without the need to write code, providing a visual image of the transformation, and simplifying its implementation and ongoing maintenance. A message map is the IBM Integration Bus implementation of a graphical data map. It is based on XML schema and XPath 2.0 standards. You can use a message map to perform any of the following actions: – Transform a message – Enrich a message with data available in an external database – Modify data located in an external database • Note: You can call DB2 stored procedures from a graphical data map in IBM Integration Bus version 9 – Route a message based on content. 3 © 2014 IBM Corporation Designing a message map . The data structure that you define in a message map for an input or an output message is the IBM Integration Bus internal representation of the message. Each data transformation is driven by the type of the output element and the mapping operation required to calculate its value. A conditional expression can be defined per transform to define the condition under which a transform should be applied.
    [Show full text]
  • Websphere MQ V6, Websphere Message Broker V6, and SSL
    Front cover WebSphere MQ V6, WebSphere Message Broker V6, and SSL WebSphere MQ SSL channels on Windows WebSphere MQ V6 and WebSphere Message Broker V6 (the Toolkit) Connecting WebSphere MQ and Message Broker using SSL Saida Davies Emir Garza Vicente Suarez ibm.com/redbooks Redpaper International Technical Support Organization WebSphere MQ V6, WebSphere Message Broker V6, and SSL November 2006 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (November 2006) This edition applies to Version 6 of IBM WebSphere MQ and Version 6 of IBM WebSphere Message Broker. © Copyright International Business Machines Corporation 2006. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team that wrote this Redpaper . ix Become a published author . x Comments welcome. xi Chapter 1. Connecting two Windows queue managers using SSL . 1 1.1 Basic configuration . 2 1.1.1 Creating the queue managers. 2 1.1.2 Setting up the channels. 3 1.1.3 Checking the channels . 4 1.2 SSL: The very basics . 5 1.3 Process overview . 6 1.3.1 Creating a key repository for each queue manager . 6 1.3.2 Obtaining a certificate for each queue manager . 8 1.3.3 Installing the certificates in the key repositories . 10 1.3.4 Setting up the channels for SSL authentication and testing . 18 Chapter 2. WebSphere MQ V6 clients on Windows . 21 2.1 Process overview .
    [Show full text]
  • CICS System Manager in the WUI As the Principle Management Interface
    Front cover CICS System Manager in the WUI as the Principle Management Interface Installation and overview of CICSPlex SM V3.2 Migration to CICSPlex SM V3.2 Using the CICSPlex SM WUI Chris Rayns Daniel Donnelly John Dobler Gordon Keehn Adrian Ray ibm.com/redbooks International Technical Support Organization CICS System Manager in the WUI as the Principle Management Interface November 2007 SG24-6793-01 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. Second Edition (November 2007) This edition applies to Version 3, Release 2, CICS Transaction Server. © Copyright International Business Machines Corporation 2005, 2007. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team that wrote this RedBook . ix Become a published author . x Comments welcome. xi Chapter 1. CICSPlex SM overview . 1 1.1 CICSPlex SM introduction. 2 1.2 Basic CICSPlex SM components . 4 1.3 CICSPlex SM Web User Interface . 6 1.3.1 CICSPlex SM Web User Interface overview . 7 1.3.2 CICS TS V3.2 WUI enhancements . 9 1.4 CICSPlex SM installation enhancements . 9 1.5 CICSPlex SM enhancements . 10 Chapter 2. CICSPlex SM installation . 13 2.1 Installing CICSPlex SM . 15 2.1.1 Pre-installation tasks . 15 2.1.2 Installation tasks . 16 2.1.3 Defining the CMAS . 23 2.1.4 Defining the WUI . 37 2.2 Connecting to the WUI . 51 2.2.1 Accessing the WUI .
    [Show full text]
  • CICS Transaction Gateway V5 the Websphere Connector for CICS
    Front cover CICS Transaction Gateway V5 The WebSphere Connector for CICS Install and configure the CICS TG on z/OS, Linux, and Windows Configure TCP/IP, TCP62, APPC or EXCI connections to CICS TS V2.2 Deploy J2EE applications to WebSphere Application Server V4 on z/OS or Windows Phil Wakelin John Joro Kevin Kinney David Seager ibm.com/redbooks International Technical Support Organization CICS Transaction Gateway V5 The WebSphere Connector for CICS August 2002 SG24-6133-01 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. Second Edition (August 2002) This document updated on June 26, 2009. This edition applies to CICS Transaction Gateway V5.0 and CICS Transaction Server for z/OS V2.2 for use on the z/OS and Windows operating systems. © Copyright International Business Machines Corporation 2001 2002. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . ix Trademarks . x Preface . xi The team that wrote this redbook. xii Become a published author . xiii Comments welcome. xiii Summary of changes . xv August 2002, Second Edition . xv Part 1. Introduction . 1 Chapter 1. CICS Transaction Gateway . 3 1.1 CICS TG: Infrastructure. 4 1.1.1 Client daemon . 5 1.1.2 Gateway daemon . 7 1.1.3 Configuration Tool. 9 1.1.4 Terminal Servlet . 10 1.2 CICS TG: Interfaces . 11 1.2.1 External Call Interface. 11 1.2.2 External Presentation Interface. 12 1.2.3 External Security Interface .
    [Show full text]
  • Websphere and .Net Interoperability Using Web Services
    Front cover WebSphere and .Net Interoperability Using Web Services Examples and guidance for building interoperable Web services Roadmap to Web services specifications Using Service-Oriented patterns Peter Swithinbank Francesca Gigante Hedley Proctor Mahendra Rathore William Widjaja ibm.com/redbooks International Technical Support Organization WebSphere and .Net Interoperability Using Web Services June 2005 SG24-6395-00 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. First Edition (June 2005) This edition applies to WebSphere Studio Application Developer V5.1.2 running on Microsoft Windows XP Pro, WebSphere Application Server V5.1.1 with DB/2 8.1 running on Microsoft Server 2003, Microsoft.Net Framework 1.1, and Microsoft IIS V6.0 running on Microsoft Server 2003. © Copyright International Business Machines Corporation 2005. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . ix Trademarks . x Preface . xi The team that wrote this redbook. xiii Become a published author . xv Comments welcome. xv Chapter 1. Introduction. 1 1.1 Background of this book . 2 1.1.1 The scenario . 2 1.1.2 Use of Web services . 3 1.1.3 Other approaches to interoperability . 3 1.1.4 WS-I . 4 1.1.5 Audience . 5 1.1.6 Terminology . 6 Part 1. Introduction to Web services. 9 Chapter 2. SOAP primer . 11 2.1 What is SOAP? . 12 2.2 SOAP components . 12 2.3 What is in a SOAP message? . 14 2.3.1 Headers.
    [Show full text]
  • Mapping the Landscape of UK Health Data Research & Innovation
    Mapping the Landscape of UK Health Data Research & Innovation A snapshot of activity in 2017 Dr Ekaterini Blaveri October 2017 CONTENTS Foreword 5 1. Background to this review 7 1.1. Aims 8 1.2. Scope and sections 8 1.3. Approach 9 1.4. Challenges 10 1.5. Acknowledgements 10 2. Overview of major informatics investments by Funder 11 2.1. MRC 12 2.1.1. The Farr Institute of Health Informatics Research 12 2.1.2. MRC Medical Bioinformatics initiative 16 2.1.3. MRC Capital Investment in Genomics England Data Infrastructure 19 2.2.1. The NIHR Biomedical Research Centres 21 2.2.2. The NIHR Health Informatics Collaborative programme 22 2.2.3. The NIHR Collaboration for Leadership in Applied Health Research and Care 25 2.3. Department of Health and Social Care 26 2.3.1. Academic Health Science Centres 26 2.3.2. Genomics England | 100,000 Genomes Project 27 2.4. NHS 28 2.4.1. Academic Health Science Networks 28 2.4.2. NHS Genomic Medicine Centres 30 2.4.3. NHS Global Digital Exemplars 31 2.5. ESRC’s investments in Big Data 32 2.5.1. Administrative Data Research Network 32 2.6. EPSRC’s health data research investments 33 3. Key informatics investments by Research Organisation 35 England – East Anglia and Midlands 38 University of Cambridge 41 EMBL-European Bioinformatics Institute 48 Wellcome Sanger Institute 52 University of Birmingham 56 University of Leicester 62 University of Warwick 68 England – London 74 Imperial College London 76 King’s College London 85 London School of Hygiene and Tropical Medicine 94 Queen Mary University of London 98 University
    [Show full text]
  • ARCHIVED: Pooled JVM in CICS Transaction Server V3
    Front cover ARCHIVED: Pooled JVM in CICS Transaction Server V3 Archived IBM Redbooks publication covering ‘Pooled JVM’ in CICS TS V3 'Pooled JVM’ was superseded by CICS ‘JVM server’ in CICS TS V4 ‘Pooled JVM’ infrastructure was removed in CICS TS V5 Chris Rayns George Burgess Scott Clee Tom Grieve John Taylor Yun Peng Ge Guo Qiang Li Qian Zhang Derek Wen ibm.com/redbooks International Technical Support Organization ARCHIVED: Pooled JVM in CICS Transaction Server V3 June 2015 SG24-5275-04 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. Fifth Edition (June 2015) This edition applies to Version 3, Release 2, CICS Transaction Server . © Copyright International Business Machines Corporation 2015. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . ix Trademarks . .x Preface . xi The team that wrote this book . xi Become a published author . xiv Comments welcome. xiv Summary of changes. .xv June 2015, Fifth Edition . .xv Part 1. Overview . 1 Chapter 1. Introduction. 3 1.1 z/OS . 5 1.2 CICS Transaction Server Version 3 . 7 1.3 Java overview . 8 1.3.1 Java language. 8 1.3.2 Java Virtual Machine. 10 1.3.3 Java on z/OS . 10 1.3.4 Runtime Environment and tools . 11 1.4 CICS Transaction Server for z/OS 3.2 enhancements for Java . 13 1.4.1 Usability enhancements . 13 1.4.2 Java Virtual Machines management enhancements . 14 1.4.3 Continuous Java Virtual Machines versus resettable Java Virtual Machines .
    [Show full text]